Analysis

max time kernel: 156s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-03-2024 02:19

Static task: static1 (1 signatures)

Behavioral task: behavioral1
  Sample: e7b6455dadedb377bdb815dc52c9cd35fe6c149d15989cc98b2703a4b5ede945.dll
  Resource: win7-20240221-en
  2 signatures
  150 seconds
General

Target: e7b6455dadedb377bdb815dc52c9cd35fe6c149d15989cc98b2703a4b5ede945.dll
Size: 339KB
MD5: 8cdca950c533d8609d907dd339945af3
SHA1: 464e6a181aac696c712059eb33af619d38fd90de
SHA256: e7b6455dadedb377bdb815dc52c9cd35fe6c149d15989cc98b2703a4b5ede945
SHA512: 3276ee2642497c0b8e4272c43b08f490ec3d35b44328ef2ce86b4c0b206a4a8cfcb57bd87838c0ba0d8b264c10072ef75429528cb5951cfe5bbca733f2b76950
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0F:jDgtfRQUHPw06MoV2nwTBlhm8N
Malware Config

Signatures

Suspicious use of WriteProcessMemory (3 IoCs)

  description                          pid    Process        procid_target
  PID 3348 wrote to memory of 1892     3348   rundll32.exe   96
  PID 3348 wrote to memory of 1892     3348   rundll32.exe   96
  PID 3348 wrote to memory of 1892     3348   rundll32.exe   96
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7b6455dadedb377bdb815dc52c9cd35fe6c149d15989cc98b2703a4b5ede945.dll,#1
  PID: 3348
  signatures: Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7b6455dadedb377bdb815dc52c9cd35fe6c149d15989cc98b2703a4b5ede945.dll,#1
      PID: 1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
  PID: 2364